Reboot your computer, and repeatedly press F8 (but not too fast) until you see a screen that looks like this:

Select Safe Mode with Command Prompt using the Up and Down arrow keys, and press enter. Then when the logon screen appears, select the new Administrator account that appears and log on with it.

When logged on, you will have nothing but the CMD. It appears you can't do much, but this is the safest and most effective way to get rid of really bad viruses. (You may want to write the following down on a piece of paper.) In the CMD, type run mbam.exe and hit enter. The Malwarebytes' UI will appear. Select "Perform full scan" and hit "Scan". Wait until that is finished. If you have any viruses, that should catch them.

If this finds nothing, but you still think you are infected, start up normally again, and download SuperAntiSpyware from HERE and install it for all users.

Reboot and hit F8 again, but this time just select Safe Mode. Log on with the Administrator account again, go to 'My Computer', and navigate to C:\Program Files\SUPERAntiSpyware. Double click SUPERANTISPYWARE and the UI will open. Perform a full scan with that.

NOTE: SuperAntiSpyware may find several hundred tracking cookies. These are not viruses, so do not be alarmed by them. Still have them deleted though.

(06-08-2011, 09:45 PM)Deltron Wrote: There are many, many more methods and tools to utilize before a reformat.

The only time I would recommend a reformat is if a user was infected with Virut or Sality. In this case, many of the vital running processes would be infected. Though, this is not very common.

I suppose. Although I tend to be more reckless with situations like that, being that I know everything I want on my PC, and where to get uninfected cracks for most, so I can get it back to what it used to be within a day or so. It isn't a very big setback for me. The one thing I DO save though is all my coding. I put that on a USB.

You can still use combofix and use it to scan your computer for a log, then use combofix to remove the infected/malicious processes. You can create a text file and drag it over the combofix.exe to get it to kill certain tasks that you specify within the text file. And if the virus disables combofix from running you can rename combofix to 123.com if you're downloading it for the first time. Usually the virus disables known helper programs by filename.